Computer systems typically include a combination of hardware, such as semiconductors and circuit boards, and software, also known as computer programs. Computers are often connected together via a network, which allows users at different computers, sometimes located nearby but often separated by great distances, to exchange information. One example of a network is the Internet, and users commonly use the Internet to exchange information via such techniques as forums, email, chat sessions, instant messaging, virtual reality communities, and transactions (e.g., e-commerce, auctions, and the purchase and sale of goods and services).
Much of this information exchange is between users who are anonymous, meaning that users often do not know each other's real identity, such as their legal name and address of residence. Users also usually do not know descriptive information that would normally be apparent in a physical encounter, such as each other's approximate age and gender. Instead, users are often known only by assumed names, handles, screen names, or email addresses, multiple different versions of which can easily be generated, changed, and discarded at the user's sole discretion. This anonymity of users can facilitate undesirable activities, such as harassment and fraud. Vulnerable users, such as children, are particularly at risk, but even sophisticated and cautious adults can fall victim.
A current technique for attempting to lower the risk of interacting with anonymous users is the use of digital certificates. A digital certificate (also called an identity certificate or a public key certificate) is an electronic document that uses a digital signature to bind together a public key with an identity, such as a person's name, organization, and address. The digital signature is typically generated by a trusted third party, which is often called the certificate authority. The digital certificate can be used by the receiving user (via the techniques of public-key cryptography) to verify that the public key belongs to the identity, and thus that the information (a document, email, or other received information), to which the digital certificate is attached, originated from the identity.
To understand the deficiencies of digital certificates, consider the following example, in which a user receives an email that contains a digital certificate. The digital certificate includes an identity of “Jane Doe” and a digital signature generated by a certificate authority, which is trusted by the receiving user. The text of the email alleges that Jane Doe is a 55-year-old female physician who is offering herbal supplements for sale that promote health. The existence of the digital certificate does not imply that Jane Doe is 55 years old, that Jane Doe is female, that Jane Doe is a physician, that the herbal supplements promote health, or that anyone named “Jane Doe” even exists. Instead, at best, the existence of the digital certificate implies that if the user receives multiple emails from the identity “Jane Doe,” then all those emails originated from the same originator, and the email has not been tampered with en route. Thus, digital certificates do not allow the receiving user to trust that the associated information is true because digital certificates do not verify or describe the originator's age, gender, educational background, professional licenses, or any other attributes, characteristics, qualifications, or achievements of the originator.
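The Jane Doe scenario above can be reproduced with real X.509 objects. The following Go program is an added illustration, not part of the original text: the helper names `issue`, `check` and `demo`, the "Example CA" issuer, the Ed25519 keys and the email body are all assumptions constructed for the example. It shows that verification succeeds on the intact email, fails on an altered one, and that the only sender attribute the certificate authority signed is the name.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue (hypothetical helper) creates a certificate for name, signed by parent; a nil parent yields a self-signed CA.
func issue(name string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name}, // the only identity data the CA signs
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true,
	}
	if parent == nil {
		parent, parentKey = tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, priv
}

// check verifies the CA's signature on leaf and leaf's signature on body, and returns all the certificate says about the sender.
func check(ca, leaf *x509.Certificate, body, sig []byte) (bool, string) {
	return leaf.CheckSignatureFrom(ca) == nil && ed25519.Verify(leaf.PublicKey.(ed25519.PublicKey), body, sig), leaf.Subject.String()
}

// demo signs a constructed email as "Jane Doe", then checks it intact and altered.
func demo() (bool, bool, string) {
	ca, caKey := issue("Example CA", nil, nil)
	jane, janeKey := issue("Jane Doe", ca, caKey)
	body := []byte("I am a 55-year-old physician; these supplements promote health.")
	sig := ed25519.Sign(janeKey, body)
	intact, subject := check(ca, jane, body, sig)
	altered, _ := check(ca, jane, append(body, '!'), sig)
	return intact, altered, subject
}

func main() { fmt.Println(demo()) }
```

The age, profession and health claims sit only in the signed body, so a passing check establishes origin and integrity, not their truth.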
Thus a better technique is needed that allows users to trust the information provided by others.